One of the largest wireless services providers in the USA, AT&T, has finally acknowledged what hackers stole from them. Data belonging to more than 51 million people. 

Regulatory compliance and legal action

The ongoing rule requiring public companies to disclose cyber security breaches led AT&T to submit a data breach notification to the authorities. AT&T also likely got a nudge from its legal team too. After tech blogs confirmed that stolen data on the dark web belongs to AT&T customers.

Details of the breach and customer impact

According to the filing with the Office of the Maine Attorney General, filed on April 10th, 2024, the data breach included customers’ extremely sensitive personal information, such as Social Security Numbers. The telecommunications company finally confirmed. On March 26th, 2024, AT&T determined that customer information belonging to AT&T’s current and previous customers was released on the dark web on March 17th, 2024. 

According to the wireless service provider, the personal identifiers included in the stolen information currently available for sale on the dark web includes a mixture of data. Full name, mailing address, social security number, email address, date of birth, phone number… And also other information such as carrier account numbers and passcodes.

It is believed that the data circulating the dark web is from 2019 and earlier. Also that does not include personal financial information such as credit card numbers and bank account information. 

Customer response and class-action lawsuits

AT&T has been hit with dozens of class-action lawsuits as a result of the data breach. With most plaintiffs accusing the telecom entity that the company did not do enough to prevent such sensitive information from being stolen by the cyberthieves and that it took AT&T longer than usual to confirm the existence of the data breach.

As a reminder, the first bits and pieces of the same data appeared in 2021, and over the last few years, AT&T has refused to acknowledge that the files circulating on the dark web belong to its customers. The company still needs to explain how the breach happened, too. 

Mitigation measures and assistance offered by AT&T

The troubled wireless carrier has begun issuing notice of data breach letters to its customers. Informing them of the cyber security incident and offering ways to remedy the problem. AT&T offers free credit monitoring, identity theft detection, and resolution services. The carrier also asks affected customers to remain vigilant and monitor credit reports for suspicious activity. 

The hacked carrier also advises people to watch out for possible phishing attempts via email and cell. With so much info already out, hackers could approach the victims, hoping to capitalize on the leaked data. The bundle offered by AT&T to affected customers also includes an insurance policy that covers up to $1 mil in damages caused by identity theft.

Relying on AT&T is not the only way to prevent yourself from getting hacked. Luckily, there are many sophisticated solutions available that could help people fight back against fraudsters and cybercriminals.

Read also: Foreign hackers have been nestling in U.S. critical infrastructure for years